
Regarding Group Security and "Hackers"

Journal Entry: Wed Feb 20, 2013, 8:45 PM



Hello Everypony,

This post is largely directed towards anyone who moderates or runs an MLP-related group on DeviantArt, but the information contained can be relevant to everyone.

Over the past few hours, there's been a note circulating around to various MLP groups, claiming that there is a small group of "hackers" (which is not the correct word) attacking MLP groups, taking them over, and vandalizing them. To counter this, the note is suggesting that groups should block all join requests, disable auto-accept, and then forward the note to every other group you know of.

Really, that's horrible advice, don't do that.

It is true that during the past few days, a couple of pony groups have been attacked by malicious users. However, there is no elaborate hack or security flaw that's allowing this to happen. Instead, the groups that were attacked simply had an incorrectly configured, yet easily fixable, setting in their group's permissions which allowed such attacks.

Most groups already are not affected by this issue. However, there are a few where the settings are less than secure. To check to see if your group is at risk, go into your "Admin Area", click on "Manage Members", and click on your "Co-Founder" role. Next, look for the "Join Requests" option, and make sure that it is set to "Not Allowed". If that option is not set to "Not Allowed", change it so that it is - this will prevent people from joining your group as a Co-Founder. Repeat this for the "Moderator" and "Contributor" roles, and this will prevent anyone from joining your group as anything but a regular member.

There is no need to disable join requests, or require moderator approval for new members to join your group - that just prevents your group from growing. I should also point out that the group who started circulating this note, suggesting that other groups disable join requests, has not done so themselves. Regular members cannot cause any damage to your group beyond spamming it (which can be dealt with easily enough), so there's no sense in preventing people from being able to become members.

A few more words of advice:

1) Always use a strong password, including a mixture of upper and lower case letters, numbers, and symbols. The longer and more random a password is, the more secure it is.

2) Do not use the same password on multiple sites. Instead, try coming up with a new password for each website you use. If you have difficulty remembering these passwords, look into using an encrypted password manager such as KeePass.

3) Do not ever download files from people you do not know, especially if they end in .zip, .rar, .7z, .gz, .exe, or .msi. Really, you shouldn't download _ANYTHING_ from someone you don't know, no matter what, but that holds doubly true for files ending in those extensions.

4) If you run a group on DA, do not let just anyone who asks become a moderator/co-founder/contributor of the group. Look into them a bit - how long have they been on DA? Do they mod any other groups? Do they interact with the community a lot? Do any of your other mods/co-founders know them? If anything seems fishy or suspicious about them, or if you can't confirm that they'd be a good moderator, don't let them be one.

5) Finally, we ask that you please do not send mass-notes or mass-comments to every group you're a member of linking back to this journal, or copy/pasting its text. While it is a noble intention to want to warn the other groups, sending out mass notes/comments could be considered spamming, and may do more harm than good.

We hope that this journal entry was informative, helps you secure both your account and your group, and helps clear up any misconceptions and false information that have been floating around. While this situation is indeed a cause for concern, it has been blown a bit out of proportion. Simply make sure that your groups are secure and you're using a strong password, and you'll have little to worry about.

~Fifth Element, Founder

:iconzilvart:
zilvart Featured By Owner Feb 24, 2013  Hobbyist Digital Artist
ye but if no ones isn't available to join the group won't grow however i do see, it's a problem with that!
Reply
:iconfor-the-plot:
For-The-Plot Featured By Owner Feb 23, 2013  Professional General Artist
hacker is mostly just a band aid for 'i've been had and don't want to admit i was directly responsible.'
Reply
:iconorcha3000:
Orcha3000 Featured By Owner Feb 22, 2013  Student Digital Artist
thank you. :)
Reply
:iconvabla:
Vabla Featured By Owner Feb 22, 2013  Hobbyist
This is (or at least should be) common sense. I'm kind of surprised people would miss something like that.
And I cringe every time I see the word "hacker" tossed around whenever someone does something they shouldn't be able to. Soon it'll be "terrorist".
Reply
:iconkittykatengle:
KittyKatEngle Featured By Owner Feb 21, 2013
Thank you for the warning!!
Reply
:iconjeurobrony:
jeurobrony Featured By Owner Feb 21, 2013
If I can add something:
Use Firefox. And definitely not Chrome. (Opera and Lynx are also OK).
Don't open any files from unknown sources. Especially on Windows.
If possible, install Linux or at least use Live CD.
Get a VPN or browse through Tor/i2p. Using public proxy is not recommended.
Get NoScript, Do Not Track Me, HTTPS Everywhere add-ons for Firefox.
Report, report, report. Share information about malicious links.
Always double check the URL (location bar/place where you enter address) of the login page. If even one letter is not on place (e. g. devAIntart.com instead of devIAntart.com), leave the page immediately.
Perform antivirus scan a few times a month. (You can also try netstat check. Secure link: [link] )
Now, the security has been doubled.
P.S. These guys are script kiddies. They can only share keyloggers/viruses.
Reply
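The login-URL check described in the comment above, written out as an added example (it is not part of the original comment or journal). It assumes `deviantart.com` is the only domain you expect to log in on, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

TRUSTED = "deviantart.com"  # assumption: the one login domain you expect

def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent swap ("ai" vs "ia") as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify_login_url(url: str, trusted: str = TRUSTED, max_dist: int = 2) -> str:
    """Return 'trusted', 'insecure', 'lookalike', 'unrelated' or 'invalid'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # Only the parsed host counts; text before '@' or in the path is ignored.
    if host == trusted or host.endswith("." + trusted):
        return "trusted" if parts.scheme == "https" else "insecure"
    # Trusted name embedded in another domain, e.g. as a leading label.
    if trusted in host:
        return "lookalike"
    # Compare the full host and its last two labels (simplification: no
    # public-suffix list, no homoglyph/IDN handling).
    base = ".".join(host.split(".")[-2:])
    if any(0 < osa_distance(c, trusted) <= max_dist for c in (host, base)):
        return "lookalike"
    return "unrelated"

# Constructed sample URLs, not taken from any real incident.
SAMPLES = [
    "https://www.deviantart.com/users/login",
    "https://www.devaintart.com/users/login",
    "https://deviantart.com.account-check.example/login",
    "https://deviantart.com@phish.example/login",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify_login_url(u):10} {u}")
```

The last sample shows why the host has to be parsed rather than eyeballed: the trusted name appears before the `@`, but the browser connects to the host after it.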
:iconmystic-lightscx:
Mystic-LightsCx Featured By Owner Feb 24, 2013  Hobbyist Digital Artist
I've got Bitdefender, Firefox, and Linux x3 Plus, I ALWAYS check the URL of a page, I never click on links like bit.ly, tinyurl.com, or anything that looks suspicious. I think I'm quite safe xD
Reply
:iconthedpfangurl:
TheDPFangurl Featured By Owner Feb 21, 2013
I don't know... It just feels like a lot of people are getting hacked personally lately...
Reply
:iconzeropegasi:
ZeroPegasi Featured By Owner Feb 21, 2013  Hobbyist General Artist
noted, stored and archived
thanks for the heads up
Reply
:iconenma-darei:
Enma-Darei Featured By Owner Feb 21, 2013  Hobbyist Digital Artist
using a strong password is the best suggestion, seriously, it's not that hard to come up with a strong password.
Reply
:iconpeacefulinvasion:
peacefulinvasion Featured By Owner Feb 21, 2013  Hobbyist Artist
Also never give your password to anyone. Sure maybe really REALLY close TRUSTED friends you know in the real world are ok because I've done that with one of my friends but don't give it to some stranger.
Reply
:iconjimraynorhyperion:
JimRaynorHyperion Featured By Owner Feb 21, 2013  Hobbyist Writer
did this after i saw this youtube account. that was the only way he took control of the group. but there's only one thing that bugs me: did he boot out the founder? since the main and other co-founder didn't do anything to fix/recover their group page
Reply
:iconawesomeluna:
awesomeluna Featured By Owner Feb 21, 2013  Student General Artist
if you are referring to #Sweetie-Belle-Lovers and #FIM-MLP then he hasn't removed the founder, the founder has (in both cases) been offline for a long time and is the only person with the privs to properly fix things.
Reply
:icongerardwei:
Gerardwei Featured By Owner Feb 21, 2013  Hobbyist General Artist
Finally, someone has done something about this, I'm in quite a few of these pony groups that have been attacked and it REALLY rubs me in the wrong way -_-
Reply
:iconquila111:
quila111 Featured By Owner Feb 21, 2013  Student Digital Artist
Oh thank GOD a group has finally posted the right thing instead of that stupid Note! I pray more groups start using this journal x - x
Reply
:iconlittlekirara:
LittleKirara Featured By Owner Feb 21, 2013  Hobbyist Digital Artist
:thumbsup:
Reply
:iconk4nk4n:
K4nK4n Featured By Owner Feb 21, 2013
Thank you for telling us this, it really gives us some relief.
Reply
:icongray--day:
Gray--Day Featured By Owner Feb 21, 2013  Hobbyist Digital Artist
It frankly confused me every time I saw these situations referred to as "hacking." I understand someone might feel bad for allowing security loopholes in their groups, but covering up a mistake in this way just spreads disinformation.

Alternatively, there are mock groups around which only pose as such interested in pony art collection. This is wild speculation, but it could be the case that the bad advice came from one such group that wanted to join in on the little commotion.
Reply
:iconallfathereye:
AllfatherEye Featured By Owner Feb 21, 2013
congratz you're the first that realized their own stupidity enabled us to do this and not go into crazy spasm about it
stay dimwitted my friends :3
Reply
:iconzelc-face:
zelc-face Featured By Owner Feb 21, 2013  Student Digital Artist
Thanks, currently changed the settings in my group until the problem is resolved.
Reply
:iconcolor-clouds:
Color-Clouds Featured By Owner Feb 20, 2013  Student General Artist
What?! there's HACKERS?! Trying to hack OUR ponies? :iconrarityfacehoofplz: Ugh! When will they just LEAVE US ALONE?!

Of ALL the worst possible things that can happen,

this is

THE
WORST
POSSIBLE
THING! :iconworstpossiblething:
Reply
:iconzilvart:
zilvart Featured By Owner Feb 24, 2013  Hobbyist Digital Artist
Yea it's the worst possible thing!
Reply
:iconcolor-clouds:
Color-Clouds Featured By Owner Feb 25, 2013  Student General Artist
And the people who work for DA don't even care!
Reply
:iconzilvart:
zilvart Featured By Owner Feb 25, 2013  Hobbyist Digital Artist
Really??
Reply
:iconcolor-clouds:
Color-Clouds Featured By Owner Feb 26, 2013  Student General Artist
Yea they don't give a buck.
Reply
:iconzilvart:
zilvart Featured By Owner Feb 26, 2013  Hobbyist Digital Artist
:D
Reply
:icondattebayo681:
Dattebayo681 Featured By Owner Feb 21, 2013  Hobbyist Traditional Artist
lol
Reply
:iconmorningstar-1337:
Morningstar-1337 Featured By Owner Feb 20, 2013   Digital Artist
Oh yeah :iconmlp-fim-wallpapers: just received that note. Glad you put up this journal =)
Reply
:iconwonder-waffle:
Wonder-Waffle Featured By Owner Feb 20, 2013  Student Digital Artist
Well put journal
Seriously, not all panicky and spassing out like all the others
Also with useful information!
Reply
:iconmileniakitsuvee:
MileniaKitsuvee Featured By Owner Feb 20, 2013  Hobbyist General Artist
Do people even know the definition of "hacker"? :/
Reply
:iconjeht-maverick:
Jeht-Maverick Featured By Owner Feb 20, 2013
Considering I co-founded an MLP RP group, this is good advice, thanks. ;3
Reply
:iconadamlhumphreys:
adamlhumphreys Featured By Owner Feb 20, 2013  Professional General Artist
I second what ~Fuzzywuff said. It's always good to hear from someone who knows what they're talking about. Even the "hacker" said they were "teaching" security lessons. More like the same as failing hard drive teaching data-backup lessons except the hard drive didn't have any malicious intent or ill conceived ill will and misplaced hate.
Reply
:iconfuzzywuff:
Fuzzywuff Featured By Owner Feb 20, 2013  Hobbyist General Artist
Finally someone who makes sense.

I was fed up of the other group overreacting like there was some kind of violent exploit going around.

2 of 3 groups I join usually have the co-founder enabled, and rarely even the founder role...
Reply
:icongrandmoonma:
grandmoonma Featured By Owner Feb 20, 2013  Hobbyist Artisan Crafter
thank you for this informative & helpful message.
It's refreshing to hear from a source with clear-cut moves to make to combat this hate, and not just an almost panicky warning.
Reply
:icondarkwingdrake:
DarkwingDrake Featured By Owner Feb 20, 2013  Hobbyist Traditional Artist
Thanks for the advice! Blasted hackers D:
Reply
:iconcrucifythewolf:
CrucifyTheWolf Featured By Owner Feb 20, 2013  Hobbyist General Artist
Good advice actually!
The hacking really was fucked beyond belief. And the hacker was a pathetic prick.
Reply
:iconseenotc:
SeeNotC Featured By Owner Feb 20, 2013
Thanks for posting this. I was getting really irritated at how loosely all the other groups are throwing around the word "hacked". Guys, your group wasn't HACKED, you just left the front door open and some troll managed to play you for a fool. A REAL hack would involve extracting passwords from dA's encrypted database... in which case, everyone would be screwed.
Reply
:iconibelcomputing:
ibelcomputing Featured By Owner Feb 20, 2013
"It is true that over the past few days, a couple of pony groups have been attacked by malicious users. However, there is no elaborate hack or security flaw that's allowing this to happen. Instead, the groups that were attacked simply had a incorrectly configured, yet easily fixable, setting in their group's permissions which allowed such attacks."

Exactly.

"There is no need to disable join requests, or require moderator approval for new members to join your group - that just prevents your group from growing. I should also point out that the group who started circulating this note, suggesting that other groups disable join requests, has not done so themselves. Regular members cannot cause any damage to your group beyond spamming it (which can be dealt with easily enough), so there's no sense in preventing people from being able to become members."

More than true.

This info is useful not only to group admins, but the general public as well, since they can see that taking control of user accounts is not done by magic or shamanic rituals, but generally involves poor group administration and less-than-secure settings. Yes, it's true that passwords can be obtained by keyloggers or fake DA login pages, and it is the responsibility of the user to be informed. Nonetheless, as you truthfully said, regular members can't cause more than minor annoyances such as spamming. Group admins, as everybody else concerned by this, should take care of their accounts.

Cheers.
Reply
:iconjoeyh3:
joeyh3 Featured By Owner Feb 20, 2013  Hobbyist Digital Artist
One of the biggest issues is being reactive vs being proactive. When it comes to security, a lot of people don't think about it until after something happens, which results in them scrambling to clean up the mess and fix it as soon as possible, which usually leads to important steps being missed.

It's much easier to be proactive about security issues - figure out what can go wrong, and then fix it so that it doesn't. That is a much more reliable approach, as you have a lot more time to think of the best solution, consider the what-ifs, etc. It's always a better idea to prevent problems from happening than it is to try to fix them once they have happened.
Reply
:iconjimraynorhyperion:
JimRaynorHyperion Featured By Owner Feb 21, 2013  Hobbyist Writer
where Rainbow Dash? oh there she is :3 lol sorry but your pic. i had too
Reply
:iconbb-k:
BB-K Featured By Owner Feb 20, 2013  Hobbyist Digital Artist
Phew, that's good to know, as usual, there will be haters still hate us instead of Spongebob. But, we'll do whatever we can to defend ourselves, thanks for notifying.
Reply
:icondarthwill3:
DarthWill3 Featured By Owner Feb 20, 2013  Hobbyist Traditional Artist
Duly noted!
Reply
:iconarthapenn:
Arthapenn Featured By Owner Feb 20, 2013
Thanks for the info. I will spread the word.
Reply
:iconarthapenn:
Arthapenn Featured By Owner Feb 20, 2013
Ok, block my replies.
Reply
:iconjoeyh3:
joeyh3 Featured By Owner Feb 20, 2013  Hobbyist Digital Artist
No, please don't. That's spamming.

We have over 18,000 members in this group, chances are the vast majority of MLP groups on DA have at least one mod who's a member of this group, and they'll see this post on their own. Sending out mass notes/mass comments to warn other groups will likely get you reported for spamming a few times.
Reply
:iconjazzytyfighter:
JazzyTyfighter Featured By Owner Feb 20, 2013  Student General Artist
Thanks for the advice! I run 3 pony groups, so I panicked and since I've only been with dA for almost a year, I didn't want to mess things up.
Reply